| Age | Commit message (Collapse) | Author |
|---|
|
(Cherry picked from commit 2b22a66382db8a2fdf5ed7a685085a6d7d67cf12)
This adds a system property for controlling unprivileged access to
perf_event_paranoid. It depends on adding kernel support for
perf_event_paranoid=3 based on grsecurity's PERF_HARDEN feature to
completely disable unprivileged access to perf. A minimal port of this
feature is used in the vanilla Debian kernel by default.
It hides the non-hardened value as an implementation detail, since while
it is currently 1, it will probably become 2 in the future.
Bug: 29054680
Change-Id: I6e3ae3cf18d8c76df94f879c34fb6fde519b89a9
|
|
Bug: 28748264
Change-Id: Ib57ccc570de446e03ea8c27ce8e404929138b213
|
|
|
|
The old way (using triggers) starts defaultcrypto twice because
queue_property_triggers_action retriggers the action.
Bug: 27452459
Change-Id: I48c844836f551673d0dbfed6c33bd8ee1e035f40
|
|
We create per-user directories under this location, so it should
only be created once by init, similar to all the other user-specific
directories.
Bug: 27896918
Change-Id: I9ec55e4fd763c0eda6c6e50483694a6377344586
|
|
"You are in a maze of twisty little symlinks, all alike."
Restore the /mnt/sdcard symlink, for compatibility with older Android
apps. This symlink was suppose to have been removed in the Gingerbread
time frame, but lives on.
Note: The /mnt/sdcard symlink was originally created in device specific
*.rc files in the device/vendor/hardware/* directory. This change moves
the creation of the symlink into the common init.rc file.
Bug: 25801877
Bug: 28108983
Change-Id: I2f9bf71bddffadb587d7376dfdfc8a546c84ec28
|
|
It was dropped in the migration to the public.libraries format
NDK is the same on standard Android and Wear.
Bug: 27742249
Change-Id: I1eafbb649c0ccc5b9a93471fa387624d838bd3d0
|
|
|
|
Accidentally dropped it in 4b0e963872715775a63f36b385150cba4801b1d0
Bug: http://b/27546414
Change-Id: I28835ce3229f778387efedf269d7f32572e09184
|
|
This list contains libraries that should directly or indirectly
be accessible to apps for the platform. Note that this list is
not device specific but rather device class specific.
For now we have 2 separate lists; one for Android Phones and Tablets,
and another one for Android Wear devices.
Bug: http://b/27546414
Bug: http://b/22548808
Change-Id: I83de5e3cf67392d0e9af66f70123898bd5997146
|
|
Bug: 19160983
Change-Id: I8fddf11fb6124950dfa2528a4f420abd9d461df6
Signed-off-by: Daniel Rosenberg <drosen@google.com>
|
|
The new top level directory /postinstall is used by the A/B updater to
mount the new partition and run a post-install program before rebooting
into that new system.
init.rc was extended to label this new directory since the initrd has
no extended attributes.
Bug: 27177071
TEST=`ls -laZ /` shows the /postinstall directory on edison-eng
(cherry picked from commit bb968fb04db3ec5227e84571e1c6bfd265836085)
Change-Id: Iff993135c7ce3a1a0f6450892ef7382da408fd5e
|
|
cameraserver from nyc uses cameraserver as its username.
thus this change is needed for AVD (android virtual device)'s
camera HAL which is attached to cameraserver to work as that
HAL writes some files to /data/misc/media. the backward compatibility
issue should be handled as separate changes. this approach is
preferred for finer-grained security isolation.
Change-Id: If028667d62df8fcac634ff1001759c39703b00dd
|
|
|
|
Bug: 27323882
Change-Id: I1131c0537942c8f7cbf9ff6cc6847ab7e93e6187
|
|
Make stune consistent with the other cgroups mounted under /dev
Change-Id: I0fe7120ad2afbe8e6a3c9f72cc3f465de618d344
|
|
|
|
Bug: 27262109
Change-Id: I011da38f8ad1eeaf717dc03a0fb6f9fdc5654c4c
|
|
Current profiles (the ones which have not been used for
compilation) are stored in /data/misc/profiles/cur/0/pkgname/.
Reference profiles (the merged of all user profiles, used for
compilation) are stored in /data/misc/profiles/ref/pkgname/.
Add a method to get the shared app gid from an uid or appid.
Bug: 26719109
Bug: 26563023
Change-Id: I89601d7dbeb3041df882c141a9127dac200a645e
|
|
libprocessgroup checks whether it can use memory
cgroups for keeping track of forked processes by
seeing whether /dev/memcg/apps is writable. However,
on systems with memory cgroups disabled, SELinux
(correctly) no longer classifies this directory as a cgroup,
and starts denying zygote access. To fix this,
first check whether /dev/memcg/apps/tasks exists to
see if the cgroup is mounted; only then check whether
we can write to the directory.
Bug: 27046965
Change-Id: I6e44cd62d8c396e20ceb162c50606b3e86f2cb3e
|
|
The Shell app that stores bugreports now lives under DE storage for
all devices, both FBE and non-FBE.
Bug: 26668510
Change-Id: Iead1dcb98181a5caccf4d0c1e86de62abc6dc990
|
|
|
|
am: c883cdec82
* commit 'c883cdec825e021007672d3ce9b199589ed2cba6':
init-debug.rc: add runtime mmc max speed property actors
|
|
am: 20a6f0ff3b
* commit '20a6f0ff3bf21e2bc82ebfe06357f6225c991ee9':
init-debug.rc: add runtime mmc max speed property actors
|
|
This ensures that all users on device follow a consistent path for
setup and validation of encryption policy.
Also add remaining user-specific directories and fix linking order.
Bug: 25796509
Change-Id: I8c2e42a78569817f7f5ea03f54b743a6661fdb9c
|
|
persist.mmc.max_read_speed - KB/s speed cap
persist.mmc.max_write_speed - KB/s speed cap
persist.mmc.cache_size - MB of high-speed on-device write cache
device default directly to associated /sys/block/mmcblk0/ attributes,
not delivered on "user" builds.
Bug: 26976972
Change-Id: Ic82b9614489b6406ce830d127c85affc9095e256
|
|
am: d8e0e52099
* commit 'd8e0e520998e83ae16fcff317704bb6c00b7fb31':
init.rc: too many start logd
|
|
am: 989daeaf5b
* commit '989daeaf5b2f50d96da69ad476adf434522e35e7':
init.rc: too many start logd
|
|
|
|
Bug: 26934873
Change-Id: Ia00da6253a50bedc8ba825df1cf641b86cdebeed
|
|
am: 1ef5b78a2f
* commit '1ef5b78a2ffc471e5ac2e30b424f00d15d581a8c':
Start debuggerd as soon as logd is up.
|
|
am: 1b729b3e04
* commit '1b729b3e04b210d096ee2d447945f6b2c53b6029':
Start debuggerd as soon as logd is up.
|
|
Makes debugging early boot crashes easier.
Bug: http://b/26918597
Change-Id: I5bb883f1350ea5f7a545cb0e9f1034ecfcf47cdb
|
|
|
|
|
|
Allows ActivityManager to use the top-app cpuset to grant the currently
focused app exclusive access to a CPU core.
Change-Id: I45bca5170477e413dec6e5889338399d0859706c
|
|
am: ef605cb749
* commit 'ef605cb7495cec368f7be015f924479969dd8fc2':
init.rc: add missing /dev/fd symlink
|
|
am: 54bf0718f4
* commit '54bf0718f4eb1b170f55bbd07207cd6ad2e7e0f5':
init.rc: add missing /dev/fd symlink
|
|
It turns out we were using the CPU accounting
cgroups for keeping track of processes that were
forked by an app without the framework's knowledge,
so we could kill all of them reliably (see b/15313911
for context).
Since we want to use memory cgroups for other purposes,
we might as well use memory cgroups for tracking forked
PIDs if they're enabled. This also gets us automatic cleanup
of empty mem cgroups.
Also, removed old mem cgroup mount point that is no
longer used, as well as cgroup release agent code that
we're not using.
Change-Id: I69d5cc31c162ffa49ef6945755f41381e306cc8b
|
|
The Linux kernel implicitly expects /dev/fd to symlink to /proc/self/fd.
This change fixes the exec/execveat.c kernel selftest.
Change-Id: Ia08d50023336fdbfc098527299c326d9d59039a9
Signed-off-by: Greg Hackmann <ghackmann@google.com>
|
|
Fix ugly special cases for user 0: initialize them explicitly.
Bug: 26704408
Change-Id: I1b8536b9e5e87ea98b4009a309f2e22c56006651
|
|
Bug 26834865
Change-Id: Idc63c1706f68d42b2a9cee05997c63a9bbcb0fb9
|
|
Add /data/ota in init so that the right selinux labels are applied.
Bug: 25612095
Change-Id: I8fd093147f8e0a5c3bd1a4007a61b0b759911cf2
|
|
|
|
nodes" am: fa432b0e2f
am: 54b47105ae
* commit '54b47105aea0e93ee287f76d4a4dc6bfe6ddf698':
ueventd.rc: Document the different rule formats for /dev and /sys nodes
|
|
am: fa432b0e2f
* commit 'fa432b0e2f87e9a029ac0094e5bceaaff258368a':
ueventd.rc: Document the different rule formats for /dev and /sys nodes
|
|
|
|
Bug: 24511454
Change-Id: Ia27f4ef0eb71f891c789f637a21b04afe0b1c4e9
|
|
|
|
am: 9deaf7c8a6
* commit '9deaf7c8a6eca900e1e50cccc1aeef17d04d70e2':
init.rc: mix device-specific data into the Linux RNG
|
